ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

Porsche AG Company CyberSecurity Posture

clickthe.bio
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

“In the beginning I looked around and could not find quite the car I dreamed of. So I decided to build it myself.“ This quote by Ferry Porsche sums up everything that makes Porsche what it is. It has been our guiding star for more than 75 years. Every day, we search for the best solution with commitment, passion and enthusiasm. We courageously tread new and untested paths. Our entrepreneurial pioneering spirit makes unique solutions possible. We love challenges, act quickly and always act respectfully and fairly towards people and the environment. Driven by dreams: At Porsche we believe in the power of dreams. As different as they may be, they have one thing in common: they are what drive us. If you too want to dream and change the world, then you have come to the right place. We invite you to dream with us and together make the world more innovative, more sustainable and more colourful. What could that be like? On our website www.porsche.com/careers you can gain an insight into the Porsche working environment and experience first-hand what makes working at Porsche so fascinating. Make your own dream come true. And the dreams of millions of others. This is where you will find all our job offers based on your preferences. Take your chance and apply online: jobs.porsche.com News, background stories and more about Porsche: www.newsroom.porsche.com Legal notice: http://www.porsche.com/germany/legal-notice/ Social privacy: https://www.porsche.com/germany/social-privacy/

Porsche AG A.I CyberSecurity Scoring

Porsche AG

Company Details

Linkedin ID:

porsche-ag

Website:

https://porsche.click/LTLinkedIn

Employees number:

11,629

Number of followers:

2,060,887

NAICS:

3361

Industry Type:

Motor Vehicle Manufacturing

Homepage:

clickthe.bio

IP Addresses:

0

Company ID:

POR_6859101

Scan Status:

In-progress

AI scorePorsche AG Risk Score (AI oriented)

Between 750 and 799

https://images.rankiteo.com/companyimages/porsche-ag.jpeg
Porsche AG Motor Vehicle Manufacturing
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscorePorsche AG Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/porsche-ag.jpeg
Porsche AG Motor Vehicle Manufacturing
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Porsche AG Company CyberSecurity News & History

Past Incidents
2
Attack Types
2
EntityTypeSeverityImpactSeenBlog DetailsIncident DetailsView
Porsche AG: Porche Cars immobilized by Cyber Attacks in RussiaCyber Attack100612/2025
POR1764749852
Rankiteo Explanation :
Attack threatening the economy of geographical region

Description: Porsche vehicles in Russia have taken to social media platforms to express frustration and concern over a series of issues affecting their cars. According to reports, a growing number of Porsche owners have experienced sudden immobilization of their vehicles, with symptoms including unresponsive security systems, complete battery depletion, and failure of factory-installed Vehicle Tracking Systems (VTS)—systems that also serve as integral components of the car’s alarm mechanisms. The problem, it seems, stems from what many are calling a sophisticated cyber attack involving satellite interference, potentially linked to state-sponsored actors. The widespread disruption has particularly affected Porsche models produced after 2013, with a significant number of owners reporting their cars locking themselves out or becoming entirely inoperable. Models manufactured prior to 2013, on the other hand, appear to be susceptible to jamming or disruption by external satellite-based interference, which is negatively impacting the functionality of critical security features, including the VTS and alarm systems. Impact on Vehicle Immobilizers and Cybersecurity Concerns Yulia Trushkova, Service Director at Rolf (a prominent Russian automotive dealership), confirmed that Porsche vehicles built post-2013 are experiencing malfunctions, likely due to a coordinated attack on the onboard immobilizer systems. These systems are crucial for vehicle security, preventing unauthorized operation or thef

PorscheVulnerability6037/2024
POR3543135102725
Rankiteo Explanation :
Attack with significant impact with internal employee data leaks

Description: Porsche is discontinuing its best-selling **Macan ICE (Internal Combustion Engine) SUV in Europe from mid-2024** due to **non-compliance with the UNECE WP.29 cybersecurity regulations (UN Regulation No. 155)**, which mandate stricter cybersecurity standards for new vehicles. The existing Macan’s electronic architecture lacks the necessary safeguards against **potential cyber threats, malfunctions, or electronic system failures** that could compromise vehicle safety. Retrofitting the model to meet these requirements was deemed **financially unviable** due to the extensive overhaul needed for its control units and cybersecurity management systems. While the decision aligns with Porsche’s broader **electrification strategy**, the immediate impact includes **lost sales revenue in Europe**, reputational risk from discontinuing a flagship model, and operational disruptions in supply chains. The move also signals a **strategic shift away from ICE vehicles** in regulated markets, forcing Porsche to accelerate its EV transition. Though the Macan ICE remains available in other regions (e.g., U.S., UK, Canada), its long-term viability is uncertain if similar cybersecurity mandates expand globally.

Porsche AG: Porche Cars immobilized by Cyber Attacks in Russia
Cyber Attack
Severity: 100
Impact: 6
Seen: 12/2025
Blog:
POR1764749852
Rankiteo Explanation
Attack threatening the economy of geographical region

Description: Porsche vehicles in Russia have taken to social media platforms to express frustration and concern over a series of issues affecting their cars. According to reports, a growing number of Porsche owners have experienced sudden immobilization of their vehicles, with symptoms including unresponsive security systems, complete battery depletion, and failure of factory-installed Vehicle Tracking Systems (VTS)—systems that also serve as integral components of the car’s alarm mechanisms. The problem, it seems, stems from what many are calling a sophisticated cyber attack involving satellite interference, potentially linked to state-sponsored actors. The widespread disruption has particularly affected Porsche models produced after 2013, with a significant number of owners reporting their cars locking themselves out or becoming entirely inoperable. Models manufactured prior to 2013, on the other hand, appear to be susceptible to jamming or disruption by external satellite-based interference, which is negatively impacting the functionality of critical security features, including the VTS and alarm systems. Impact on Vehicle Immobilizers and Cybersecurity Concerns Yulia Trushkova, Service Director at Rolf (a prominent Russian automotive dealership), confirmed that Porsche vehicles built post-2013 are experiencing malfunctions, likely due to a coordinated attack on the onboard immobilizer systems. These systems are crucial for vehicle security, preventing unauthorized operation or thef

Porsche
Vulnerability
Severity: 60
Impact: 3
Seen: 7/2024
Blog:
POR3543135102725
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Porsche is discontinuing its best-selling **Macan ICE (Internal Combustion Engine) SUV in Europe from mid-2024** due to **non-compliance with the UNECE WP.29 cybersecurity regulations (UN Regulation No. 155)**, which mandate stricter cybersecurity standards for new vehicles. The existing Macan’s electronic architecture lacks the necessary safeguards against **potential cyber threats, malfunctions, or electronic system failures** that could compromise vehicle safety. Retrofitting the model to meet these requirements was deemed **financially unviable** due to the extensive overhaul needed for its control units and cybersecurity management systems. While the decision aligns with Porsche’s broader **electrification strategy**, the immediate impact includes **lost sales revenue in Europe**, reputational risk from discontinuing a flagship model, and operational disruptions in supply chains. The move also signals a **strategic shift away from ICE vehicles** in regulated markets, forcing Porsche to accelerate its EV transition. Though the Macan ICE remains available in other regions (e.g., U.S., UK, Canada), its long-term viability is uncertain if similar cybersecurity mandates expand globally.

Ailogo

Porsche AG Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for Porsche AG

Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)

Porsche AG has 66.67% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Porsche AG has 29.87% more incidents than the average of all companies with at least one recorded incident.

Incident Types Porsche AG vs Motor Vehicle Manufacturing Industry Avg (This Year)

Porsche AG reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Porsche AG (X = Date, Y = Severity)

Porsche AG cyber incidents detection timeline including parent company and subsidiaries

Porsche AG Company Subsidiaries

SubsidiaryImage

“In the beginning I looked around and could not find quite the car I dreamed of. So I decided to build it myself.“ This quote by Ferry Porsche sums up everything that makes Porsche what it is. It has been our guiding star for more than 75 years. Every day, we search for the best solution with commitment, passion and enthusiasm. We courageously tread new and untested paths. Our entrepreneurial pioneering spirit makes unique solutions possible. We love challenges, act quickly and always act respectfully and fairly towards people and the environment. Driven by dreams: At Porsche we believe in the power of dreams. As different as they may be, they have one thing in common: they are what drive us. If you too want to dream and change the world, then you have come to the right place. We invite you to dream with us and together make the world more innovative, more sustainable and more colourful. What could that be like? On our website www.porsche.com/careers you can gain an insight into the Porsche working environment and experience first-hand what makes working at Porsche so fascinating. Make your own dream come true. And the dreams of millions of others. This is where you will find all our job offers based on your preferences. Take your chance and apply online: jobs.porsche.com News, background stories and more about Porsche: www.newsroom.porsche.com Legal notice: http://www.porsche.com/germany/legal-notice/ Social privacy: https://www.porsche.com/germany/social-privacy/

similarCompanies

Porsche AG Similar Companies

Michelin
michelin.com

Michelin is a world-leading manufacturer of life-changing composites and experiences. Pioneering materials science over more than 130 years, Michelin is uniquely positioned to make decisive contributions to human progress and a more sustainable world. Drawing on technological leadership in polymer

Security Report Compare
Royal Enfield
royalenfield.com

The oldest motorcycle brand in continuous production, Royal Enfield made its first motorcycle in 1901. A division of Eicher Motors Limited, Royal Enfield has created the mid-sized motorcycle segment in India with its unique and distinctive modern classic bikes. Royal Enfield operates in 60+ countr

Security Report Compare
Motherson Group
motherson.com

Founded in 1975, Motherson is one of the world’s leading auto component makers, supplying OEMs globally from over 400 facilities in 44 countries spread across five continents with over 190,000 employees. Within the automotive industry, it is one of the leading global manufacturers of exterior rear

Security Report Compare
Magna International
magna.com

We see a future where everyone can live and move without limitations. That’s why we are developing technologies, systems and concepts that make vehicles safer and cleaner, while serving our communities, the planet and, above all, people. Forward. For all. Our common shares trade on the Toronto Sto

Security Report Compare
Nissan Motor Corporation
nissan-web.net

Nissan Motor Corporation is a global car manufacturer that sells a full line of vehicles under the Nissan and INFINITI brands. Nissan’s global headquarters in Yokohama, Japan, manages operations in four regions: Japan-ASEAN, China, Americas, and AMIEO (Africa, Middle East, India, Europe & Oceania).

Security Report Compare
Maruti Suzuki India Limited
marutisuzuki.com

Maruti Suzuki was established with a dream to provide the 'Joy of Mobility' in the early 1980s. With a humble start of manufacturing about 20,000 cars in a year, the Company has grown leaps and bounds, manufacturing close to 2 million cars a year in FY 2022-23. Over the last four decades, the Compan

Security Report Compare
Joyson Group
joyson.com

Joyson Group is a young, ambitious high-tech company, its headquarter is located in Ningbo, China. With more than 100 bases in 30 countries, over 40000 employees globally. Founded in 2004, Joyson 's main products used to be automotive functional components. Since 2011, the company has acquired se

Security Report Compare
Honda Cars India Ltd
hondacarindia.com

Honda Cars India Ltd. (HCIL), a leading manufacturer of premium cars in India, was established in December 1995 with a commitment to provide Honda’s passenger car models and technologies, to the Indian customers. HCIL’s corporate office is based in Greater Noida, UP and its state-of-the-art manufact

Security Report Compare
Mercedes-Benz USA
mbusa.com

Mercedes-Benz USA, LLC (MBUSA), a Daimler Company, is responsible for the Distribution and Marketing of Mercedes-Benz and smart products in the United States. MBUSA was founded in 1965 and prior to that Mercedes-Benz cars were sold in the United States by Mercedes-Benz Car Sales, Inc., a subsidiary

Security Report Compare
newsone

Porsche AG CyberSecurity News

October 27, 2025 07:00 AM
Porsche AG Shares Continue Upward Trend Following Quarterly Results

The recent recovery rally in Porsche AG shares is expected to continue on Monday following the release of the company's latest financial...

Read Article
September 22, 2025 01:24 PM
Protection Through Expertise: Ethical Hacker Program and Reporting Policy

To complement internal security measures, Porsche works with external cybersecurity researchers to further improve the security of its products and digital...

Read Article
September 22, 2025 12:33 PM
Together we protect Porsche: Our Approach to Information Security

The automotive industry is shaped by innovation, digitalization, and connected mobility. At the same time, the risks from targeted cyberattacks – such as...

Read Article
September 10, 2025 07:00 AM
Porsche reports robust delivery figures despite a challenging environment

Porsche has significantly increased the proportion of electrified vehicles sold in the first nine months of 2025. The details.

Read Article
September 04, 2025 07:00 AM
Porsche AG drops from DAX on falling shares and global challenges

Shares in Porsche AG , the luxury sports car maker majority-owned by Volkswagen , will drop out of Germany's benchmark blue-chip index on...

Read Article
September 04, 2025 07:00 AM
Porsche AG to Leave Germany’s DAX Index After Taking Hit From U.S. Tariffs

Porsche and Sartorius will leave the index, replaced by Scout24 and GEA Group.

Read Article
September 03, 2025 07:00 AM
Porsche AG drops from DAX on falling shares and global challenges

FRANKFURT -Shares in Porsche AG, the luxury sports car maker majority-owned by Volkswagen, will drop out of Germany's benchmark blue-chip...

Read Article
August 13, 2025 07:00 AM
Porsche Bug Bounty programme is back for a third round

Highly skilled security researchers will attempt to identify and report potential IT security vulnerabilities. The details.

Read Article
August 13, 2025 07:00 AM
Porsche Billionaire Owners Eye Fund to Tap Arms Boom

Porsche AG and Volkswagen AG's owners are setting up a fund to make defense-industry investments, hoping to ride a surge in European...

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Porsche AG CyberSecurity History Information

Official Website of Porsche AG

The official website of Porsche AG is https://porsche.click/LTLinkedIn.

Porsche AG’s AI-Generated Cybersecurity Score

According to Rankiteo, Porsche AG’s AI-generated cybersecurity score is 787, reflecting their Fair security posture.

How many security badges does Porsche AG’ have ?

According to Rankiteo, Porsche AG currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Porsche AG have SOC 2 Type 1 certification ?

According to Rankiteo, Porsche AG is not certified under SOC 2 Type 1.

Does Porsche AG have SOC 2 Type 2 certification ?

According to Rankiteo, Porsche AG does not hold a SOC 2 Type 2 certification.

Does Porsche AG comply with GDPR ?

According to Rankiteo, Porsche AG is not listed as GDPR compliant.

Does Porsche AG have PCI DSS certification ?

According to Rankiteo, Porsche AG does not currently maintain PCI DSS compliance.

Does Porsche AG comply with HIPAA ?

According to Rankiteo, Porsche AG is not compliant with HIPAA regulations.

Does Porsche AG have ISO 27001 certification ?

According to Rankiteo,Porsche AG is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Porsche AG

Porsche AG operates primarily in the Motor Vehicle Manufacturing industry.

Number of Employees at Porsche AG

Porsche AG employs approximately 11,629 people worldwide.

Subsidiaries Owned by Porsche AG

Porsche AG presently has no subsidiaries across any sectors.

Porsche AG’s LinkedIn Followers

Porsche AG’s official LinkedIn profile has approximately 2,060,887 followers.

NAICS Classification of Porsche AG

Porsche AG is classified under the NAICS code 3361, which corresponds to Motor Vehicle Manufacturing.

Porsche AG’s Presence on Crunchbase

No, Porsche AG does not have a profile on Crunchbase.

Porsche AG’s Presence on LinkedIn

Yes, Porsche AG maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/porsche-ag.

Cybersecurity Incidents Involving Porsche AG

As of December 11, 2025, Rankiteo reports that Porsche AG has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Porsche AG has an estimated 12,645 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Porsche AG ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.

What was the total financial impact of these incidents on Porsche AG ?

Total Financial Loss: The total financial loss from these incidents is estimated to be $0.

How does Porsche AG detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with discontinuation of ice macan sales in europe; focus on all-electric macan as replacement, and remediation measures with development and launch of all-electric macan (2024) to comply with cybersecurity and emissions regulations, and recovery measures with continued sales of ice macan in non-eu markets (uk, u.s., canada, etc.), and communication strategy with public announcement via porsche newsroom and automotive media; emphasis on electrification strategy and sustainability goals..

Incident Details

Can you provide details on each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity)

measurementExposure impactImpact

Title: Discontinuation of Porsche Macan ICE in Europe Due to UNECE WP.29 Cybersecurity Regulations

Description: Porsche has decided to discontinue the sale of its internal combustion engine (ICE) Macan SUV in Europe starting mid-2024 due to non-compliance with the new UNECE WP.29 cybersecurity regulations (UN Regulation No. 155). The regulations mandate stricter cybersecurity standards for all new vehicles sold in the EU, including protection against hacking and electronic system malfunctions. Retrofitting the existing Macan to meet these standards was deemed cost-prohibitive, leading Porsche to focus on its all-electric Macan as a replacement in Europe. The ICE Macan will continue to be sold in other markets such as the UK, U.S., and Canada.

Date Publicly Disclosed: 2023-10-00

Type: Regulatory Non-Compliance (Cybersecurity)

Motivation: Regulatory compliance and strategic shift toward electrification

Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization

measurementExposure impactImpact

Title: Porsche Vehicle Immobilization Due to Suspected Cyber Attack in Russia

Description: Porsche vehicles in Russia have experienced sudden immobilization, unresponsive security systems, battery depletion, and failure of Vehicle Tracking Systems (VTS). The issue is suspected to be a sophisticated cyber attack involving satellite interference, potentially linked to state-sponsored actors. Models produced after 2013 are primarily affected, with some pre-2013 models also vulnerable to satellite-based jamming.

Type: Cyber Attack, Satellite Interference, Vehicle Immobilization

Attack Vector: Satellite interference, Onboard immobilizer systems

Vulnerability Exploited: Vehicle Tracking Systems (VTS), Immobilizer systems, Security systems

Threat Actor: State-sponsored actors (suspected)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.

Impact of the Incidents

What was the impact of each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Financial Loss: Cost-prohibitive retrofitting expenses for cybersecurity compliance

Systems Affected: Vehicle control units and electronic architecture of Porsche Macan ICE

Operational Impact: Discontinuation of ICE Macan sales in Europe starting mid-2024; shift to all-electric Macan

Revenue Loss: Potential loss of sales revenue in Europe for ICE Macan

Brand Reputation Impact: Minimal (strategic alignment with electrification goals); potential short-term dissatisfaction among ICE enthusiasts

Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization POR1764749852

Systems Affected: Vehicle Tracking Systems (VTS), Immobilizer systems, Alarm systems, Security systems

Downtime: Vehicles rendered inoperable

Operational Impact: Sudden immobilization of vehicles, failure of critical security features

Customer Complaints: Frustration and concern expressed by Porsche owners on social media

Brand Reputation Impact: Negative impact on Porsche's brand reputation in Russia

What is the average financial loss per incident ?

Average Financial Loss: The average financial loss per incident is $0.00.

Which entities were affected by each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Entity Name: Porsche AG

Entity Type: Automotive Manufacturer

Industry: Automotive

Location: Stuttgart, Germany (HQ); global operations

Size: Large (39,557 employees as of 2022)

Customers Affected: European customers seeking to purchase new ICE Macan models post-mid-2024

Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization POR1764749852

Entity Name: Porsche

Entity Type: Automotive Manufacturer

Industry: Automotive

Location: Russia

Customers Affected: Porsche owners in Russia, particularly models produced after 2013

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Containment Measures: Discontinuation of ICE Macan sales in Europe; focus on all-electric Macan as replacement

Remediation Measures: Development and launch of all-electric Macan (2024) to comply with cybersecurity and emissions regulations

Recovery Measures: Continued sales of ICE Macan in non-EU markets (UK, U.S., Canada, etc.)

Communication Strategy: Public announcement via Porsche Newsroom and automotive media; emphasis on electrification strategy and sustainability goals

Data Breach Information

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Development and launch of all-electric Macan (2024) to comply with cybersecurity and emissions regulations.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by discontinuation of ice macan sales in europe; focus on all-electric macan as replacement.

Ransomware Information

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Continued sales of ICE Macan in non-EU markets (UK, U.S., Canada, etc.).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Regulations Violated: UNECE WP.29 UN Regulation No. 155 (Cybersecurity for vehicles),

Regulatory Notifications: UNECE mandate effective July 1, 2024, for all new vehicles sold in the EU

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Lessons Learned: Proactive compliance with emerging cybersecurity regulations is critical in the automotive industry, especially for vehicles with interconnected electronic systems. Early integration of cybersecurity standards in vehicle development can avoid costly retrofits and strategic pivots. The incident also highlights the broader industry shift toward electrification as a response to both environmental and regulatory pressures.

What recommendations were made to prevent future incidents ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Recommendations: Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29., Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges.Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29., Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges.Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29., Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges.Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29., Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits., Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Proactive compliance with emerging cybersecurity regulations is critical in the automotive industry, especially for vehicles with interconnected electronic systems. Early integration of cybersecurity standards in vehicle development can avoid costly retrofits and strategic pivots. The incident also highlights the broader industry shift toward electrification as a response to both environmental and regulatory pressures.

References

Where can I find more information about each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Source: Porsche Newsroom

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Source: Motolog Studio (Bhavik Sreenath)

Date Accessed: 2023-10-00

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Source: UNECE WP.29 UN Regulation No. 155

URL: https://unece.org/transport/regulations/un-regulation-no-155-cyber-security-and-cyber-security-management-system

Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization POR1764749852

Source: Social media reports from Porsche owners in Russia

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Porsche Newsroom, and Source: Motolog Studio (Bhavik Sreenath)Date Accessed: 2023-10-00, and Source: UNECE WP.29 UN Regulation No. 155Url: https://unece.org/transport/regulations/un-regulation-no-155-cyber-security-and-cyber-security-management-system, and Source: Social media reports from Porsche owners in Russia.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Investigation Status: Resolved (strategic decision made; no active investigation required)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public announcement via Porsche Newsroom and automotive media; emphasis on electrification strategy and sustainability goals.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Stakeholder Advisories: Porsche has communicated the discontinuation to dealers, customers, and investors, emphasizing the transition to the all-electric Macan and broader electrification goals.

Customer Advisories: European customers were advised to purchase the ICE Macan before mid-2024 or consider the all-electric Macan as an alternative. Porsche highlighted the performance and sustainability benefits of the electric model.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Porsche has communicated the discontinuation to dealers, customers, and investors, emphasizing the transition to the all-electric Macan and broader electrification goals. and European customers were advised to purchase the ICE Macan before mid-2024 or consider the all-electric Macan as an alternative. Porsche highlighted the performance and sustainability benefits of the electric model..

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Regulatory Non-Compliance (Cybersecurity) POR3543135102725

Root Causes: Development Of The Ice Macan Predated The Finalization Of Unece Wp.29 Cybersecurity Requirements, Leading To Non-Compliance., High Cost And Complexity Of Retrofitting The Vehicle'S Electronic Architecture To Meet Cybersecurity Standards., Strategic Prioritization Of Electrification Over Ice Model Updates In Europe.,

Corrective Actions: Discontinuation Of Ice Macan In Europe And Replacement With All-Electric Macan (2024)., Continued Sales Of Ice Macan In Markets Without Unece Wp.29 Regulations (E.G., U.S., Uk, Canada)., Integration Of Cybersecurity Standards In The Development Of New Models, Including The Electric Macan.,

Incident : Cyber Attack, Satellite Interference, Vehicle Immobilization POR1764749852

Root Causes: Suspected cyber attack involving satellite interference targeting onboard immobilizer systems

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Discontinuation Of Ice Macan In Europe And Replacement With All-Electric Macan (2024)., Continued Sales Of Ice Macan In Markets Without Unece Wp.29 Regulations (E.G., U.S., Uk, Canada)., Integration Of Cybersecurity Standards In The Development Of New Models, Including The Electric Macan., .

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was an State-sponsored actors (suspected).

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-10-00.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was Cost-prohibitive retrofitting expenses for cybersecurity compliance.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Discontinuation of ICE Macan sales in Europe; focus on all-electric Macan as replacement.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Proactive compliance with emerging cybersecurity regulations is critical in the automotive industry, especially for vehicles with interconnected electronic systems. Early integration of cybersecurity standards in vehicle development can avoid costly retrofits and strategic pivots. The incident also highlights the broader industry shift toward electrification as a response to both environmental and regulatory pressures.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Accelerate electrification strategies to meet dual goals of emissions reduction and compliance with cybersecurity regulations., Monitor regulatory developments in key markets (e.g., potential adoption of UNECE WP.29 in the U.S. or UK) to anticipate similar compliance challenges., Automakers should prioritize cybersecurity in vehicle design phases to align with evolving regulations like UNECE WP.29. and Invest in modular electronic architectures that can be updated to meet future cybersecurity standards without full retrofits..

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are Porsche Newsroom, Motolog Studio (Bhavik Sreenath), Social media reports from Porsche owners in Russia and UNECE WP.29 UN Regulation No. 155.

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://unece.org/transport/regulations/un-regulation-no-155-cyber-security-and-cyber-security-management-system .

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (strategic decision made; no active investigation required).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Porsche has communicated the discontinuation to dealers, customers, and investors, emphasizing the transition to the all-electric Macan and broader electrification goals., .

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was an European customers were advised to purchase the ICE Macan before mid-2024 or consider the all-electric Macan as an alternative. Porsche highlighted the performance and sustainability benefits of the electric model.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Development of the ICE Macan predated the finalization of UNECE WP.29 cybersecurity requirements, leading to non-compliance.High cost and complexity of retrofitting the vehicle's electronic architecture to meet cybersecurity standards.Strategic prioritization of electrification over ICE model updates in Europe., Suspected cyber attack involving satellite interference targeting onboard immobilizer systems.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Discontinuation of ICE Macan in Europe and replacement with all-electric Macan (2024).Continued sales of ICE Macan in markets without UNECE WP.29 regulations (e.g., U.S., UK, Canada).Integration of cybersecurity standards in the development of new models, including the electric Macan..

cve

Latest Global CVEs (Not Company-Specific)

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
References
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
References
Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
References
Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Published
Date
2025-12-10
Updated
Date
2025-12-10
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=porsche-ag' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge